Global FinTech Guide
Country Name
Korea, Republic of
KYC requirements
The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

The Specified Financial Information Act was enacted as Act No. 6516 on September 27, 2001 and has been in effect since November 28, 2001.

National regulator or relevant authority for AML controls

Korea Financial Intelligence Unit (Article 3 of the Specified Financial Information Act).

Customer Due Diligence

Conduct of a typical KYC identification process

The real name of the customer must be confirmed in accordance with the Act on Real Name Financial Transactions and Confidentiality.

Financial company shall comply with procedures set forth in Article 5-2 of the Specified Financial Information Act, Article 10(2)~(7) of the Enforcement Decree of the Specified Financial Information Act, and Article 20, 37~44 of the 'Business Regulation on Anti- Money Laundering and Counter Terrorist Financing', such as verifying the customer's identity when transacting with such customer, confirming the actual owner, purpose of transaction, sources of funds, etc.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

Article 42 of the Capital Markets Act provides for the scope of business outsourcing permitted to the financial investment business entity, operation of business outsourcing and other regulations, and the financial investment business entity may outsource a portion of its own business, concurrent business, and ancillary business to a third party on the basis of the principle that anything not expressly prohibited by the law shall be permitted (negative system).

However, if the decision-making authority of an internal control matter is outsourced or if such outsourcing is prohibited under other laws, such outsourcing shall be prohibited, and if the outsourced matter is an essential matter, the trustee of such essential matter shall be authorized or registered to perform such matter (Paragraph 4, Article 42 of the FISCMA).

CDD shall not be regarded as an outsourcing of decision-making authority with respect to internal control matters, and CDD cannot be regarded as an essential matter that is directly related to the business for which the applicable financial investment business entity obtained authorization or completed a registration. Thus, authorization or registration is not deemed to be required.

However, there is no provision prohibiting the outsourcing of CDD under the Specified Financial Information Act, and according to the 'Business Regulation on Anti- Money Laundering and Counter Terrorist Financing" enacted by the Korea Financial Intelligence Unit, it is possible to identify customers through third parties if certain requirements for identification of customers with financial companies, etc. are complied with (Article 52 and 53).

Regarding whether 'the obligation to verify customers' identity set forth in Article 5-2 of the Specified Financial Information Act may be outsourced to other financial companies', the Financial Services Commission has interpreted that 'if the requirements under Article 53 of the Business Regulation on Anti-Money Laundering and Counter Terrorist Financing are satisfied, identity of customers may be verified by outsourcing to a third party (such as other financial companies).

In light of the foregoing, it seems that outsourcing CDD to a third party will be possible.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

In light of the fact that KYC procedures are strictly regulated under the Specified Financial Information Act, and in light of the purpose of Article 17 of FATF (Financial Action Task Force) Recommendations, it seems that CDD by means of WebID, IDnow, PostIdent, etc. that does not comply with the Specified Financial Information Act will not be permitted.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

Outsourcing of duties of CDD shall be subject to inspection and supervision by the Financial Supervisory Service (Article 43 of the FISCMA). There is no special requirement for obtaining a license.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

Yes credit institutions
Yes financial institutions
No auditors, external accountants, and tax advisors
No notaries and other independent legal professionals
Yes other trust or company service providers
No estate agents
No other persons trading high-value goods
Yes providers of gambling services
Yes financial companies, etc. under the Specified Financial Information Act (Article 2(1))



© 2022, Lee & Ko. All rights reserved by Lee & Ko as author and the owner of the copyright in this chapter. Lee & Ko has granted to Multilaw non-exclusive worldwide license to use and include this chapter in this guide and to sublicense Lexis Nexis, a division of RELX Inc. and its affiliates certain rights to use and distribute this guide.

The information in this guide provides a general overview at the time of publication and is not intended to be a comprehensive review of all legal developments nor should it be taken as opinion or legal advice on the matters covered. It is for general information purposes only and readers should take legal advice from a Multilaw member firm.


Choose country